package com.gzkemays.server2.config;

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableOAuth2Sso
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ClientWebSecurityConfig extends WebSecurityConfigurerAdapter {

  /**
   * 核心过滤器配置，更多使用ignoring()用来忽略对静态资源的控制和过滤微服务间feign的接口
   *
   * @param web
   * @throws Exception
   */
  @Override
  public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/js/**");
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.antMatcher("/**")
        .authorizeRequests()
        // 访问 / /home 不用认证
        .antMatchers("/", "/home")
        .permitAll()
        .anyRequest()
        .authenticated();
    //        .and()
    //        // 权限不足跳转 /401
    //        .exceptionHandling()
    //        .accessDeniedPage("/401");
  }
}
